The Reserve Bank of India (RBI) on Friday issued guidelines to enforce uniform compliance practices across banks. Among the requirements laid down by the central bank are a board-approved compliance policy, appointment of a chief compliance officer (CCO) and internal audit of the compliance function.
As part of a robust compliance system, banks are required to have an effective compliance culture, an independent corporate compliance function and a strong compliance risk management programme at the bank and group levels.
“Such an independent compliance function is required to be headed by a designated chief compliance officer (CCO) selected through a suitable process with an appropriate ‘fit and proper’ evaluation/selection criteria to manage compliance risk effectively,” the RBI said in the notification. “However, it is observed that the banks follow diverse practices in this regard. The following guidelines are meant to bring uniformity in approach followed by banks, as also to align the supervisory expectations on CCOs with best practices,” the notification said.
The guidelines mandate that banks must lay down board-approved compliance policies clearly spelling out their compliance philosophy, expectations on compliance culture covering tone from the top, accountability, incentive structure and effective communication and the challenges thereof. Boards must also define the structure and role of the compliance function, the role of the CCO and processes for identifying, assessing, monitoring, managing and reporting on compliance risk throughout the bank.
Banks shall develop and maintain a quality assurance and improvement programme covering all aspects of the compliance function. The programme shall be subject to independent external review periodically, at least once in three years.
“The policy should lay special thrust on building up compliance culture, vetting of the quality of supervisory/regulatory compliance reports to RBI by the top executives, non-executive chairman/chairman and ACB (audit committee of the board) of the bank, as the case may be. The policy shall be reviewed at least once a year,” the notification said.
The CCO shall be a senior executive of the bank, preferably in the rank of a general manager or an equivalent position and not below two levels from the chief executive. The CCO could also be recruited from the market. They should not be more than 55 years old. The CCO must have an overall experience of at least 15 years in banking or financial services, out of which at least five years shall be in the audit, finance, compliance, legal or risk management functions.
The CCO shall have the ability to independently exercise judgement as also the freedom and sufficient authority to interact with regulators and supervisors directly, and ensure compliance. No vigilance case or adverse observation from the RBI should be pending against the candidate identified for appointment as the CCO.
The CCO shall have direct reporting lines to the MD and CEO and/or the board and ACB of the bank. In case the CCO reports to the MD and CEO, the audit committee of the board shall meet the CCO quarterly on a one-on-one basis without the presence of the senior management, including the MD and CEO. “The CCO shall not have any reporting relationship with the business verticals of the bank and shall not be given any business targets. Further, the performance appraisal of the CCO shall be reviewed by the board/ACB,” the RBI said.